package com.example.assetmanagement.controller;

import com.example.assetmanagement.common.ApiResponse;
import com.example.assetmanagement.domain.User;
import com.example.assetmanagement.mapper.UserMapper;
import lombok.RequiredArgsConstructor;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.web.bind.annotation.*;

@RestController
@RequestMapping("/auth")
@RequiredArgsConstructor
public class AuthController {

    private final UserMapper userMapper;
    private final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();

    /**
     * 简单登录，验证用户名密码
     */
    @PostMapping("/login")
    public ApiResponse<?> login(@RequestParam String username,@RequestParam String password){
        User user = userMapper.selectByUsername(username);
        if(user == null){
            return ApiResponse.error(404, "用户不存在");
        }
        if(user.getStatus()!=null && user.getStatus()==0){
            return ApiResponse.error(403, "用户已被禁用");
        }
        if(!passwordEncoder.matches(password,user.getPassword())){
            return ApiResponse.error(401, "密码错误");
        }
        // 简化：直接返回成功，不生成token
        return ApiResponse.success(null);
    }
} 